﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Net.Mail;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;
using System.Data;
using System.Web.Configuration;
using System.Security.Cryptography;
using System.Text;

namespace HospitalSystem.Admin
{
    public partial class UIDManagement : System.Web.UI.Page
    {
        string constr = WebConfigurationManager.ConnectionStrings["strconnection"].ConnectionString;
        public static List<string> a = new List<string>();
        DataTable dt = new DataTable();
        DataTable dx = new DataTable();
        public static string key = "MDCODE";
        protected void Page_Load(object sender, EventArgs e)
        {
            
        }
        private void MessageBox(string msg)
        {
            Label lbl = new Label();
            lbl.Text = "<script language='javascript'>" + Environment.NewLine + "window.alert('" + msg + "')</script>";
            Page.Controls.Add(lbl);
        }
        protected void CPassButton_Click(object sender, EventArgs e)
        {
            if ((OldPassTB.Text != string.Empty) && (NewPassTB.Text != string.Empty))
            {
                Label ULB = (Label)Master.FindControl("UserLabel");
                SqlConnection scon = new SqlConnection(constr);
                SqlCommand NewPasscmd = new SqlCommand("UPDATE [Employee] SET Password =@NEWPASSWORD WHERE Username =@UID", scon);
                NewPasscmd.Parameters.AddWithValue("@NEWPASSWORD", Encrypt(NewPassTB.Text, key));
                NewPasscmd.Parameters.AddWithValue("@UID", ULB.Text);
                if (OldPassCheck() == true)
                {
                    scon.Open();
                    NewPasscmd.ExecuteNonQuery();
                    scon.Close();
                    MessageBox("Your password has been changed.");
                }
                else if (OldPassCheck() == false)
                {
                    MessageBox("WrongPassword!");
                }
                else
                {
                    MessageBox("Unknow Error");
                }

            }
            else
            {
                MessageBox("Please Enter Old and New password correctly!");
            }

        }
        public string Encrypt(string strToEncrypt, string strKey)
        {
            try
            {
                TripleDESCryptoServiceProvider objDESCrypto = new TripleDESCryptoServiceProvider();
                MD5CryptoServiceProvider objHashMD5 = new MD5CryptoServiceProvider();

                byte[] byteHash, byteBuff;
                string strTempKey = strKey;

                byteHash = objHashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey));
                objHashMD5 = null;
                objDESCrypto.Key = byteHash;
                objDESCrypto.Mode = CipherMode.ECB; //CBC, CFB

                byteBuff = ASCIIEncoding.ASCII.GetBytes(strToEncrypt);
                return Convert.ToBase64String(objDESCrypto.CreateEncryptor().TransformFinalBlock(byteBuff, 0, byteBuff.Length));
            }
            catch (Exception ex)
            {
                return "Wrong Input. " + ex.Message;
            }
        }
        public string Decrypt(string strEncrypted, string strKey)
        {
            try
            {
                TripleDESCryptoServiceProvider objDESCrypto = new TripleDESCryptoServiceProvider();
                MD5CryptoServiceProvider objHashMD5 = new MD5CryptoServiceProvider();

                byte[] byteHash, byteBuff;
                string strTempKey = strKey;

                byteHash = objHashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey));
                objHashMD5 = null;
                objDESCrypto.Key = byteHash;
                objDESCrypto.Mode = CipherMode.ECB; //CBC, CFB

                byteBuff = Convert.FromBase64String(strEncrypted);
                string strDecrypted = ASCIIEncoding.ASCII.GetString(objDESCrypto.CreateDecryptor().TransformFinalBlock(byteBuff, 0, byteBuff.Length));
                objDESCrypto = null;

                return strDecrypted;
            }
            catch (Exception ex)
            {
                return "Wrong Input. " + ex.Message;
            }
        }
        public bool OldPassCheck()
        {
            Label ULB = (Label)Master.FindControl("UserLabel");
            string x = ULB.Text;
            string op = "";

            SqlConnection scon = new SqlConnection(constr);
            SqlCommand oldpasscmd = new SqlCommand("SELECT Password FROM Employee WHERE Username = @ID", scon);
            oldpasscmd.Parameters.AddWithValue("@ID", x);
            scon.Open();
            SqlDataReader reader = oldpasscmd.ExecuteReader();
            if (reader.Read())
            {
                op = Decrypt(reader["Password"].ToString(), key);
            }
            scon.Close();
            if (op == OldPassTB.Text)
            {
                return true;
            }
            else
            {
                //MessageBox("Wrong Old password!");
                return false;
            }
        }
    }
}